On 30-Avr-99   13:39:20, Holger Kruse wrote:

> Just a few corrections to some recent mails regarding SSL:

Which do not really belong to this mailing-list which was talking about SSH
and SSL ports. But it's better to do some propaganda I guess.

> Q: Where does SSL belong, in the browser or the stack?

> A: It belongs in the stack. SSL is an acronym for "Secure Socket
> Layer", i.e. it is an extension to the existing socket API
> (usually bsdsocket.library on the Amiga) to support data
> encryption and authentication. In the OSI reference model
> it fits partially into the "transport" and "session" layers,

TCP/IP doesn't fit very well in the OSI model.

> below the application layer, i.e. outside of application code.
> The SSL protocol is in no way specific to web browsing. It has
> nothing to do with HTTP or any other web browser functions.
> SSL can be used for telnet, ftp, email etc. in the same way as
> for web browsing, and standards exist for all that, so it makes
> sense to share the code in a common place. The only reason why
> some PC browsers traditionally included SSL in the browser is
> because Windows and its built-in stack did not support it
> already when the browsers were released.

It shouldn't belong in the stack but as an external package like it is on
other platforms. Do you know any other stack except Miami which comes with SSL
built in? No. You usually install SSLeay (OpenSSL now) as either a link lib
or as a shared library and you link your applications with it, either
statically or dynamically.

SSL belongs either in the application or as a separate shared library but not
in the stack itself.

> Q: Does having SSL externally from the web browser cause any
> difficulties in the browser or limit the browser in any way,
> e.g. regarding certificate management?

> A: No. Specifically regarding MiamiSSL: it supports certificate
> verification and management in the same way as other SSL
> implementations. (That's only logical, considering that it uses
> the same code.) Voyager just does not support the certificate
> hooks of MiamiSSL in its current version. Certificate
> verifications and updates would be easy to implement though,
> and the example source code for MiamiSSL demonstrates how to
> do that.

MiamiSSL only works with Miami. That's probably why all the Amiga browsers
decided to use their own implementation of SSL. So yes, it limits the browser
regarding MiamiSSL since you need Miami (and it's a serious limitation IMHO).

-- 
David Gerber

____________________________________________________________
Genesis Mailing List - Info & Archive: http://www.vapor.com/
For Listserver Help: <[EMAIL PROTECTED]>, "HELP"
To Unsubscribe: <[EMAIL PROTECTED]>, "UNSUBSCRIBE"
